IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cloud Services
#
Cybersecurity
#
Detectify
Subdomains increased security risk for businesses
Fri, 24th Oct 2014
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

New research has highlighted that abandoned subdomains are becoming an increased security risk for businesses.

Subdomains are often set up by companies for use external services, but are often not disabled when those services stop.

This creates a loophole for attackers.

Ownership of subdomains are not always properly validated by service providers, allowing attackers to set up new accounts and abuse subdomains forgotten by companies.

While removing or update DNS entries for subdomains they are no longer actively used sounds like common practice, this oversight is apparently widespread among companies.

Detectify, the Stockholm-based provider of website security scanning services who did the research, says it identified at least 17 service providers who do not handle the subdomain ownership verification properly.

Detectify named Heroku, Github, Bitbucket, Squarespace, Shopify, Desk, Teamwork, Unbounce, Helpjuice, HelpScout, Pingdom, Tictail, Campaign Monitor, CargoCollective, StatusPage.io and Tumblr as service providers not verifying

"We've also identified at least 200 organisations which are currently affected," the researchers said in a blog post. "In many cases, we are talking NASDAQ-listed, top 100 Alexa rank domains."

While this type of vulnerability may not be considered new, Detectify says there are many aspects to the problem. A domain owner who forgets to remove the DNS-entry, the service provider who doesn't remind the domain owner to remove the DNS-entry, and the service provider who does not validate more when a new account is trying to use the same account as before.

While the risk to website owners varies depending on what can be done of a third party service once a domain is pointed to it, if web pages or redirects are set up, attackers could exploit the situation to launch credible phishing attacks by creating rogue copies of the main website.

Some of the subdomains exposed to this form of hijacking that were found by Detectify belonged to various types of organisations including government agencies, health services providers, insurance companies and banks.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
SAS expands managed services portfolio to Amazon Web Services
Business leaders anxious over data security – report
Ververica celebrates as Apache Paimon becomes top-level project
Half of online traffic in 2024 generated by bots, report finds
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA